Digital certificate cross-referencing

US 6,615,347 B1
Filed: 06/30/1998
Issued: 09/02/2003
Est. Priority Date: 06/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for creating a first digital certificate for a first subscriber, wherein the first digital certificate binds the first subscriber to a first public key corresponding to a first private key held by the first subscriber, and the first public key and the first private key form a key pair for use in public-key cryptography, the method comprising:

determining, based on a predefined criteria, that the first subscriber is the same as a second subscriber of a second digital certificate, wherein the second digital certificate binds the second subscriber to a second public key corresponding to a second private key held by the second subscriber, and the second public key and the second private key form a key pair for use in public-key cryptography;

including in the first digital certificate related certificate information at least partially identifying the second digital certificate, wherein inclusion of the related certificate information in the first digital certificate indicates that it has been determined that the first subscriber is the same as the second subscriber according to the predefined criteria; and

digitally signing the first digital certificate.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As part of a security infrastructure based on public-key cryptography, a first digital certificate (200) is issued by a first certification authority (104) to a first subscriber (102) and binds the first subscriber (102) to a first public key (210). The first public key (210) corresponds to a first private key held by the first subscriber (102), and the first public key and the first private key form a key pair for use in public-key cryptography. The first digital certificate (200) is digitally signed by the first certification authority (104) and includes subscriber information (206) pertaining to the first subscriber (102) and related certificate information (216) at least partially identifying a second digital certificate (200). The second digital certificate (200) is issued by a second certification authority (104) to a second subscriber (102) and is digitally signed by the second certification authority (104). It binds the second subscriber (102) to a second public key (210) corresponding to a second private key held by the second subscriber (102). The second public key and the second private key form a key pair for use in public-key cryptography. The first subscriber (102)is matched to the second subscriber (102).

227 Citations

27 Claims

1. A method for creating a first digital certificate for a first subscriber, wherein the first digital certificate binds the first subscriber to a first public key corresponding to a first private key held by the first subscriber, and the first public key and the first private key form a key pair for use in public-key cryptography, the method comprising:
- determining, based on a predefined criteria, that the first subscriber is the same as a second subscriber of a second digital certificate, wherein the second digital certificate binds the second subscriber to a second public key corresponding to a second private key held by the second subscriber, and the second public key and the second private key form a key pair for use in public-key cryptography;
  
  including in the first digital certificate related certificate information at least partially identifying the second digital certificate, wherein inclusion of the related certificate information in the first digital certificate indicates that it has been determined that the first subscriber is the same as the second subscriber according to the predefined criteria; and
  
  digitally signing the first digital certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein the related certificate information uniquely identifies the second digital certificate.
  - 3. The method of claim 1 wherein the related certificate information includes a serial number of the second digital certificate.
  - 4. The method of claim 1 wherein the step of determining, based on a predefined criteria, that the first subscriber is the same as the second subscriber comprises:
5. The method of claim 1 wherein the related certificate information pertains to the second subscriber.
6. The method of claim 1 wherein the related certificate information pertains to a period of validity of the second digital certificate.
7. The method of claim 6 wherein the related certificate information includes a date selected from the group of dates comprising:
- an effective date for the second digital certificate, an expiration date for the second digital certificate, and a revocation date for the second digital certificate.
8. The method of claim 1 wherein the related certificate information includes data which has been one-way hashed.
9. The method of claim 1 wherein:
- the first digital certificate includes a distinguished name of the first subscriber;
  
  the second digital certificate includes a distinguished name of the second subscriber; and
  
  the step of determining that the first subscriber is the same as the second subscriber comprises determining that a predefined portion of the distinguished name on the first digital certificate is the same as a corresponding portion of the distinguished name on the second digital certificate.
10. The method of claim 1 wherein:
- the first digital certificate includes data pertaining to the first subscriber;
  
  the second digital certificate includes data pertaining to the second subscriber; and
  
  the step of determining that the first subscriber is the same as the second subscriber comprises determining that the data pertaining to the first subscriber on the first digital certificate is the same as the data pertaining to the second subscriber on the second digital certificate.
11. The method of claim 1 wherein the step of determining that the first subscriber is the same as the second subscriber comprises:
- determining that data pertaining to the first subscriber not contained on the first digital certificate is the same as corresponding data pertaining to the second subscriber not contained on the second digital certificate.
12. The method of claim 1 wherein the step of determining that the first subscriber is the same as the second subscriber comprises:
- determining that the first digital certificate is a replacement of the second digital certificate.
13. The method of claim 1, wherein the step of determining that the first subscriber is the same as the second subscriber comprises:
- determining that the first digital certificate is a renewal of the second digital certificate.
14. The method of claim 1 wherein:
- the first and second digital certificates comply with the X.509 format; and
  
  the related certificate information is stored as an X.509 extension.
15. The method of claim 14 wherein:
- the related certificate information includes an X.509 extension including a serial number of the second digital certificate;
  
  the first and second digital certificates each include a subscriber distinguished name of their respective subscribers; and
  
  the step of determining that the first subscriber is the same as the second subscriber comprises determining that the distinguished name on the first digital certificate is the same as the distinguished name on the second digital certificate.
16. The method of claim 1 wherein the step of determining that the first subscriber is the same as the second subscriber comprises:
- determining that the first subscriber is trusted to a same degree as the second subscriber.
17. The method of claim 1 wherein the step of determining that the first subscriber is the same as the second subscriber comprises:
- determining that the first subscriber is entitled to a similar degree of access to resources as the second subscriber.
18. A computer readable medium storing instructions for controlling a processor to execute one of the methods of claims 1-4, 8-13, 16 or 17.

19. A method for processing a first digital certificate including related certificate information, wherein the first digital certificate binds a first subscriber to a first public key corresponding to a first private key held by the first subscriber, and the first public key and the first private key form a key pair for use in public-key cryptography, the method comprising:
- authenticating the first digital certificate;
  
  reading the related certificate information from the first digital certificate, wherein the related certificate information at least partially identifies a second digital certificate the second digital certificate binds a second subscriber to a second public key corresponding to a second private key held by the second subscriber, the second public key and the second private key form a key pair for use in public-key cryptography, and inclusion of the related certificate information in the first digital certificate indicates that it has been determined that the first subscriber is the same as the second subscriber according to a predefined criteria;
  
  identifying the second digital certificate based on the related certificate information;
  
  determining a status of the second digital certificate; and
  
  responsive to the status of the second digital certificate, processing the first digital certificate.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The method of claim 19 wherein:
21. The method of claim 20 wherein the step of processing the first digital certificate further comprises granting access to resources based on a similar degree of trust as the second digital certificate.
22. The method of claim 19 wherein:
- the step of determining the status of the second digital certificate comprises determining data to which the second digital certificate is used as an index; and
  
  the step of processing the first digital certificate comprises using the first digital certificate as an index to the data.
23. The method of claim 19 wherein the step of processing the first digital certificate comprises conferring the status of the second digital certificate onto the first digital certificate.
24. The method of claim 19 wherein the first digital certificate is a replacement of the second digital certificate.
25. The method of claim 19 wherein the first digital certificate is a renewal of the second digital certificate.
26. The method of claim 19 wherein:
- the first and second digital certificates comply with the X.509 format; and
  
  the related certificate information is stored as an X.509 extension.
27. A computer readable medium storing instructions for controlling a processor to execute one of the methods of claims 19-23 or 24-26.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
VeriSign, Inc.
Inventors
Moskovitz, Ram A., de Silva, Mahinda K.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Baum, Ronald

Application Number

US09/107,655
Time in Patent Office

1,890 Days
Field of Search

713/155-158
US Class Current

713/156
CPC Class Codes

H04L 2209/56 Financial cryptography, e.g...

H04L 9/3263 involving certificates, e.g...

Digital certificate cross-referencing

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

227 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Digital certificate cross-referencing

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

227 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links